CVE-2019-5464
https://notcve.org/view.php?id=CVE-2019-5464
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in `url_blocker.rb`, which could result in SSRF where the library is utilized. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/63959 https://hackerone.com/reports/632101 • CWE-20: Improper Input Validation; CWE-918: Server-Side Request Forgery (SSRF)
CVE-2019-5462
https://notcve.org/view.php?id=CVE-2019-5462
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/58312 https://hackerone.com/reports/495282 • CWE-613: Insufficient Session Expiration
CVE-2019-20144
https://notcve.org/view.php?id=CVE-2019-20144
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released
CVE-2019-20146
https://notcve.org/view.php?id=CVE-2019-20146
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released • CWE-400: Uncontrolled Resource Consumption
CVE-2019-20147
https://notcve.org/view.php?id=CVE-2019-20147
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released